ajayk · September 21, 2018 02:12
diff --git a/kms_example.sh b/kms_example.sh
 $  echo "secret" > secret.txt
 $  key_material=$(aws kms generate-data-key --key-id <CMK_key_id> --key-spec AES_256)
 $  echo ${key_material} | jq ".CiphertextBlob" | sed 's/"//g' | base64 -d > key.enc
 $  export key=$(echo ${key_material} | jq ".Plaintext" | sed 's/"//g' | base64 -d)
 $  openssl enc -aes-256-cbc -pass env:key -in secret.txt -out secret.txt.enc
 $  rm secret.txt
 $  ls
 key.enc secret.txt.enc
 $  key=$(aws-fd-full kms decrypt --ciphertext-blob fileb://key.enc --output text --query Plaintext  | base64 -d)
 $  openssl enc -d -aes-256-cbc -pass env:key -in secret.txt.enc -out secret.txt
 $  cat secret.txt
 secret
 $  unset key
	$ echo "secret" > secret.txt
	$ key_material=$(aws kms generate-data-key --key-id <CMK_key_id> --key-spec AES_256)
	$ echo ${key_material} \| jq ".CiphertextBlob" \| sed 's/"//g' \| base64 -d > key.enc
	$ export key=$(echo ${key_material} \| jq ".Plaintext" \| sed 's/"//g' \| base64 -d)
	$ openssl enc -aes-256-cbc -pass env:key -in secret.txt -out secret.txt.enc
	$ rm secret.txt
	$ ls
	key.enc secret.txt.enc
	$ key=$(aws-fd-full kms decrypt --ciphertext-blob fileb://key.enc --output text --query Plaintext \| base64 -d)
	$ openssl enc -d -aes-256-cbc -pass env:key -in secret.txt.enc -out secret.txt
	$ cat secret.txt
	secret
	$ unset key